Legal
Privacy Policy
Last updated July 4, 2026
This policy explains what personal data Moyou AI collects, why, and what your rights are. We aim to collect the minimum needed to run the Service.
What we collect
- Account data — your name, email address, and password (stored hashed).
- Generation data — the brand names, descriptions, style choices, refinement instructions you submit, and the logos generated from them.
- Token and payment data — your token balance and a ledger of credits and debits. Card and payment details are handled entirely by our payment provider, Creem; we never see or store them.
- Technical data — logs (IP address, user agent, timestamps) kept for security and debugging, and a session cookie required for login. We do not use advertising or cross-site tracking cookies.
How we use it
- to provide the Service and generate your logos;
- to process purchases and maintain your token ledger;
- to secure the Service and prevent abuse;
- to contact you about your account (verification, password resets, important changes).
We do not sell personal data or use it for advertising.
Third parties that process your data
- xAI — your brand name, description, style inputs, and refinement instructions are sent to xAI’s API to generate logos. Per xAI’s terms, API content may be used by xAI as described in their enterprise terms of service.
- Creem — processes payments and stores billing details under their own privacy policy.
- Hosting — the application and its database run on our hosting provider’s infrastructure in the EU where feasible.
Retention
Account data, generations, and the token ledger are kept while your account exists. Deleting your account removes your account data and generations from our systems. Server logs are rotated on a short schedule.
Your rights
Under the GDPR you can request access to, correction of, or deletion of your personal data, object to processing, and request portability. You can delete your account yourself in Settings → Profile. For anything else, email [email protected] — we respond within 30 days. You may also lodge a complaint with your local data-protection authority.
Changes
We will update this page when our data practices change and adjust the revision date above.
